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IN THE CLAIMS : 

Please amend claims 1, 9, 10, 17 and 20 as indicated below. 
Please cancel claims 7-8 and 18-19 as indicated below. 
Please add new claim 21 as indicated below. 

A listing of the status of all claims 1-21 in the present patent application is provided 

below: 

1. (Currently Amended) A method for use in compliance management, 
comprising: 

presenting, via a computer network, at least one user with a series of questions 
relating to at least one business category; 

soliciting, via the computer network, a response from the at least one user for each 
question presented; [[and]] 

determining a detection index based on the number of responses to each of the 
series of questions; 

determining an occurrence index based on the potential consequence of non- 
compliance: 

determining a standard severity risk index based on the expected severity of non- 
compliance: and 

prioritizing, via the computer network, the at least one business category based on 
the at least one user's responses and at least one total risk score comprising the product of the 
detection, occurrence and standard severity risk indices standard severity risk index . 
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2. (Original) The method of claim 1 wherein the user response comprises a "Yes" or 

"No. 

3. (Original) The method of claim 1 wherein at the least one standard severity risk 
index comprises a number between 1 and 10 corresponding to a specific level of risk. 

4. (Original) The method of claim 3 wherein the number "1" comprises the lowest 
level of risk severity, and the number "10" the highest level of severity. 

5. (Original) The method of claim 1 wherein the at least one standard severity risk 
index corresponds to the at least one business category. 

6. (Original) The method of claim 1 further comprising the step of determining a 
detection index based on the number of questions presented, the at least one user's responses, 
and the number of users. 

7. (Canceled) 

8. (Canceled) 

9. (Currently Amended) The method of claim [[8]] 1 further comprising ranking 
the at least one business category based on the at least one total risk score. 

10. (Currently Amended) A system for use in compliance management, comprising: 
a query module associated with an engine for presenting at least one user with a series of 

questions relating to at least one business category, and for soliciting and receiving responses 
from the at least one user for each question presented; 

a prioritization module associated with the engine fo r: (1) determining a detection index 
based on the number of responses to each of the series of questions, determining an occurrence 
index based on the potential consequence of non-compliance, and determining a standard 
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severity risk index based on the expected severity of non-compliance, and (2) prioritizing the at 
least one business category based on the at least one user's responses and at least one total risk 
score comprising the product of a detection, occurrence and standard severity risk indices 
standard severity risk index . 

1 1 . (Original) The system of claim 10 wherein the series of questions are presented to 
the user over a communications network. 

12. (Original) The system of claim 10 further comprising an administration module 
associated with the engine for inputting, updating and accessing data associated with the query 
and prioritization modules, the administration module being accessible to an administrator of the 
system via an administration interface. 

13. (Original) The system of claim 10 wherein the user response comprises a "Yes" 
or "No" response. 

14. (Original) The system of claim 10 wherein the at least one standard severity risk 
index comprises a number between 1 and 10 corresponding to a specific level of risk. 

15. (Original) The system of claim 14 wherein the number "1" comprises the lowest 
level of severity, and the number "10" the highest level of severity. 

16. (Original) The system of claim 10 wherein the at least one standard severity risk 
index corresponds to the at least one business category. 

17. (Currently Amended) The system of claim 10 wherein the prioritization module 
further determines a the detection index is based on the number of questions presented, the at 
least one user's responses, and the number of users. 

18. (Canceled) 
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19. (Canceled) 

20. (Currently Amended) The system of claim [[19]] 10 wherein prioritization 
module further ranks the at least one business category based on the at least one total risk score. 

21. (New) The method of claim 1 wherein the detection is determined by the 
following formula: 

n 

^]/(#of answers .) 
Detection index = — , 

(dm 

wherein i refers to each possible response, 

# of answers/ refers to the number of queries or questions that were answered with a 
particular response i, 

n refers to the total number of queries or questions in that category, and 
d refers to the number of departments or units responding. 
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